TCP

PORT      STATE SERVICE       REASON          VERSION
53/tcp    open  domain        syn-ack ttl 127 Simple DNS Plus
88/tcp    open  kerberos-sec  syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2022-07-20 19:45:08Z)
135/tcp   open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
139/tcp   open  netbios-ssn   syn-ack ttl 127 Microsoft Windows netbios-ssn
389/tcp   open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: vault.offsec0., Site: Default-First-Site-Name)
445/tcp   open  microsoft-ds? syn-ack ttl 127
464/tcp   open  kpasswd5?     syn-ack ttl 127
593/tcp   open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped    syn-ack ttl 127
3268/tcp  open  ldap          syn-ack ttl 127 Microsoft Windows Active Directory LDAP (Domain: vault.offsec0., Site: Default-First-Site-Name)
3269/tcp  open  tcpwrapped    syn-ack ttl 127
3389/tcp  open  ms-wbt-server syn-ack ttl 127 Microsoft Terminal Services
| rdp-ntlm-info: 
|   Target_Name: VAULT
|   NetBIOS_Domain_Name: VAULT
|   NetBIOS_Computer_Name: DC
|   DNS_Domain_Name: vault.offsec
|   DNS_Computer_Name: DC.vault.offsec
|   DNS_Tree_Name: vault.offsec
|   Product_Version: 10.0.17763
|_  System_Time: 2022-07-20T19:46:11+00:00
| ssl-cert: Subject: commonName=DC.vault.offsec
| Issuer: commonName=DC.vault.offsec
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-07-19T19:08:21
| Not valid after:  2023-01-18T19:08:21
| MD5:   4a93 8e77 9694 56be da81 9779 daa4 4418
| SHA-1: 2ac6 7d2e 976f 016f 25ae 1e6d 4c71 9279 1173 fcbb
| -----BEGIN CERTIFICATE-----
| MIIC4jCCAcqgAwIBAgIQZApdHLxOrphHdIfsWNUhVzANBgkqhkiG9w0BAQsFADAa
| MRgwFgYDVQQDEw9EQy52YXVsdC5vZmZzZWMwHhcNMjIwNzE5MTkwODIxWhcNMjMw
| MTE4MTkwODIxWjAaMRgwFgYDVQQDEw9EQy52YXVsdC5vZmZzZWMwggEiMA0GCSqG
| SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMG7yL+PUl3yImGtZ+QxXH4kI/Stf5Ov4V
| NiVyh47/oJ5e2KhZda7bVC20jk2XNX/upHql4j8oNHFMvdWKKbXWaOhMLdL1GoDK
| aGyMoRZJ7GdHcAc3jjH19dysoVRAeA6rPPyItYP55shV4nYMNCkHb9pxWjDyJ28B
| n/4wonL6eND+6pcZY1Ks65OcZPQb5vhtOMLvDY5BpQAaxAPPLBGT5R3u+lwvHeWv
| 4+XNGep9eZn01ljDad8FCoz9W//f2smxkNrOadoGrPb5vXNVT9XZaUei3QeT7UNA
| oGDWO2rH9W37BP1ej1XWR6dWTaq0IoUyltcJ3ijwyeFU+RqN4tf5AgMBAAGjJDAi
| MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIEMDANBgkqhkiG9w0BAQsF
| AAOCAQEAwXCLXBIT51Buek6NqIXWfGQvseM6aNRgbzCecCcNdgjatOrp1I4xgWSs
| H+Cr1ecZ3KCdZhHjzxbnMgiYE8eqXHK9RllnDFF+kvKNZXpCeIKQ0QOigQEQL8YZ
| uQwI3OWg3a/7OsPRR/7kHaYPoha0AG0v/2Ki76Nj4pjsnm/HPFFgPagBBmwNP6FF
| 4A1PFAeSCMVjVHoXnvRx/Guip1W7JH1Rvmv0l/9WtCP476o6F7cowHjExmkWLzFk
| l07LxKn+R4pHUKazmQxXrBxVeomtkiBnu4ANnprmaUtceufhf/BD/gS9lYalnG37
| PlTmFjvxsgHzIwHqUIXf7pvRwkPvug==
|_-----END CERTIFICATE-----
|_ssl-date: 2022-07-20T19:46:51+00:00; 0s from scanner time.
5985/tcp  open  http          syn-ack ttl 127 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-title: Not Found
|_http-server-header: Microsoft-HTTPAPI/2.0
9389/tcp  open  mc-nmf        syn-ack ttl 127 .NET Message Framing
49666/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49668/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49669/tcp open  ncacn_http    syn-ack ttl 127 Microsoft Windows RPC over HTTP 1.0
49670/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49675/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49699/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
49795/tcp open  msrpc         syn-ack ttl 127 Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
No OS matches for host
TCP/IP fingerprint:
SCAN(V=7.92%E=4%D=7/20%OT=53%CT=%CU=%PV=Y%DS=2%DC=T%G=N%TM=62D85BAD%P=x86_64-pc-linux-gnu)
SEQ(SP=100%GCD=1%ISR=108%TI=I%II=I%SS=S%TS=U)
OPS(O1=M551NW8NNS%O2=M551NW8NNS%O3=M551NW8%O4=M551NW8NNS%O5=M551NW8NNS%O6=M551NNS)
WIN(W1=FFFF%W2=FFFF%W3=FFFF%W4=FFFF%W5=FFFF%W6=FF70)
ECN(R=Y%DF=Y%TG=80%W=FFFF%O=M551NW8NNS%CC=Y%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=80%CD=Z)

Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=256 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: DC; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| smb2-security-mode: 
|   3.1.1: 
|_    Message signing enabled and required
| smb2-time: 
|   date: 2022-07-20T19:46:13
|_  start_date: N/A
| p2p-conficker: 
|   Checking for Conficker.C or higher...
|   Check 1 (port 51600/tcp): CLEAN (Timeout)
|   Check 2 (port 33559/tcp): CLEAN (Timeout)
|   Check 3 (port 40828/udp): CLEAN (Timeout)
|   Check 4 (port 2859/udp): CLEAN (Timeout)
|_  0/4 checks are positive: Host is CLEAN or ports are blocked
|_clock-skew: mean: 0s, deviation: 0s, median: 0s

TRACEROUTE (using port 139/tcp)
HOP RTT      ADDRESS
1   55.43 ms 192.168.49.1
2   57.08 ms 192.168.227.172
PreviousSummaryNextUDP

Last updated